Goals and Accomplishments

Two largely disjoint approaches have been used to prove the correctness of security protocols.
The first essentially ignores the details of cryptography by assuming perfect cryptography (i.e.,
nothing encrypted can ever be decrypted without the encryption key) and an adversary that
controls the network. By ignoring the cryptography, it is possible to give a more qualitative
proof of correctness, using logics designed for reasoning about security protocols. Indeed,
this approach has enabled axiomatic proofs of correctness and model checking of proofs. The
second approach applies the tools of modern cryptography to proving correctness, using more
quantitative arguments. Typically it is shown that, given some security parameter k (where k
may be, for example, the length of the key used), an adversary whose running time is polynomial
in k has a negligible probability of breaking the security, where “negligible” means “less than
any inverse polynomial function of k.”

The goal of this project has been to develop logics for reasoning about security at both
the qualitative and quantitative level. Two approaches have been considered. The first builds
on a logic designed by the PI that has a binary operator $\to$, where $\varphi \to \psi$ is interpreted as
“the probability of $\psi$ given $\varphi$ goes to 1.” Proofs of qualitative statements of the form $\varphi \to \psi$
in the logic can automatically be converted to proofs of quantitative statements of the form
$\varphi \to_r \psi$, where $r$ is a real number in [0, 1], which is interpreted as “the probability of $\psi$ given
$\varphi$ is at least $1 - r$.” In joint work with Anupam Datta, John Mitchell, and Arnab Roy, the
logic has been applied to proving the correctness of a variety of security protocols. Doing this
required extending the original logic to include additional operators for reasoning about traces,
essentially with features in the spirit of dynamic logic. A proof system for the extended logic
was developed that was shown to be rich enough to prove correctness of a variety of protocols.
Interactions between the conditional probability assertions and dynamic logic assertions were
studied.
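
An added illustration, not a rule quoted from the report: reading $\varphi \to_r \psi$ as "the probability of $\psi$ given $\varphi$ is at least $1 - r$", the union bound shows how one qualitative proof step (conjoining two conclusions) carries an explicit error term in its quantitative form. The symbols $\psi_1, \psi_2, r_1, r_2$ are assumptions introduced here.

$$
\Pr(\lnot(\psi_1 \land \psi_2) \mid \varphi)
\;\le\; \Pr(\lnot\psi_1 \mid \varphi) + \Pr(\lnot\psi_2 \mid \varphi)
\;\le\; r_1 + r_2 ,
$$

so from $\varphi \to_{r_1} \psi_1$ and $\varphi \to_{r_2} \psi_2$ it follows that $\varphi \to_{r_1 + r_2} (\psi_1 \land \psi_2)$. In the qualitative reading, $r_1$ and $r_2$ both go to 0, so the probability of $\psi_1 \land \psi_2$ given $\varphi$ goes to 1, which is the statement $\varphi \to (\psi_1 \land \psi_2)$.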

The second approach, joint work with the PI, Ron van der Meyden, and Riccardo Pucella,
involves a logic for reasoning about knowledge, probability, and time. A special case, restricting
to only probability 1 statements, gives a qualitative logic of belief. By allowing arbitrary
probability statements, more quantitative statements can be expressed. A key innovation in
the logic is distinguishing strings from messages as a way to capture the fact that agents
are resource bounded. For example, suppose that i sends j the message $m'$, where $m'$ is m
encrypted by a shared key k. Does j know that i has sent m encrypted by k? If j does not
have the key k, then, intuitively, the answer is no; agent j has no way of knowing that $m'$ is
the result of encrypting m by k. Of course, if j were not computationally bounded, then j could
figure out that $m'$ is indeed m encrypted by k. Standard approaches to modeling knowledge
treat agents as computationally unbounded; in particular, they are assumed to know all valid
formulas. Since the fact that $m'$ is the result of encrypting m by k is a valid mathematical
statement, all agents will know it.

To get around this problem, two views of messages are considered. The first views a message
simply as a string of symbols; the second views the message as a term with structure. When
j receives the message $m'$, j knows that he received (the string) $m'$. What j does not know
is that he received m encrypted by k; j considers it possible that $m'$ is $m''$ encrypted by
$k''$, or that $m'$ is not the encryption of any message. By considering both strings and terms,
and mappings between them, an agent can be uncertain about what term a string represents.
Thus, for example, an agent i may know that s represents the encryption of some message,
even though i does not know which message it is the encryption of. This approach deals with
resource-bounded agents in a natural and powerful way.
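
A small model of the string/term distinction described above, as an added example that is not code from the report: an agent receives a string and "knows" a fact only if it holds for every term the string might represent given the keys the agent holds. The cipher is a toy, and the names `possible_terms`, `knows`, `KEYS`, `MSGS` and `M_PRIME` are assumptions made for illustration.

```python
import hashlib
from itertools import product

def toy_enc(msg, key):
    """Toy cipher, illustration only: 8-byte tag + XOR with a hashed keystream."""
    ks = hashlib.sha256(key).digest()
    body = bytes(b ^ ks[i % 32] for i, b in enumerate(msg))
    return hashlib.sha256(key + msg).digest()[:8] + body

def toy_dec(s, key):
    """Plaintext if string s is a valid encryption under key, else None."""
    ks = hashlib.sha256(key).digest()
    msg = bytes(b ^ ks[i % 32] for i, b in enumerate(s[8:]))
    return msg if hashlib.sha256(key + msg).digest()[:8] == s[:8] else None

def possible_terms(s, held_keys, all_keys, all_msgs, told_ciphertext=False):
    """Terms an agent holding held_keys considers string s might represent."""
    for k in held_keys:
        m = toy_dec(s, k)
        if m is not None:
            return {("enc", m, k)}      # key held: the term is determined
    # No held key opens s, so every (message, unheld key) pair stays possible.
    terms = {("enc", m, k) for m, k in product(all_msgs, all_keys)
             if k not in held_keys}
    if not told_ciphertext:
        terms.add(("opaque", s))        # s may encrypt nothing at all
    return terms

def knows(terms, fact):
    """An agent knows a fact iff it holds for every term it considers possible."""
    return all(fact(t) for t in terms)

# Constructed sample universe (assumed names, not from the report).
KEYS = [b"k", b"k2"]
MSGS = [b"m", b"m2"]
M_PRIME = toy_enc(b"m", b"k")           # the string m' that i sends to j

def is_enc(t):
    return t[0] == "enc"

def is_m_under_k(t):
    return t == ("enc", b"m", b"k")

if __name__ == "__main__":
    cases = [("j, no key", [], False), ("j, told ciphertext", [], True),
             ("i, holds k", [b"k"], False)]
    for label, held, told in cases:
        ts = possible_terms(M_PRIME, held, KEYS, MSGS, told)
        print(label, knows(ts, is_enc), knows(ts, is_m_under_k))
```

The middle case corresponds to the agent that knows the string is the encryption of some message without knowing which one; a computationally unbounded agent would instead discard every term whose encryption differs from the received string.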
— Behavioral and Quantitative Game Theory: Conference on Future Directions, Newport
Beach, California (May, 2010)

• Game Theory with Costly Computation

— Sackler Lecture, Tel Aviv University Economics Dept, Tel Aviv, Israel (October
2009)

— Champery Spring School, Champery, Switzerland (Feb., 2010)

• Iterated Regret Minimization: A New Solution Concept

— Center for Rationality, Hebrew University, Jerusalem, Israel (Jan. 2010)

— Champery Spring School, Champery, Switzerland, Feb., 2010

• Defaults and normality in causal structures

— MICRAC Workshop on Causality in AI and Cognitive Psychology, Toulouse, France
(June 2009)

• Distributed Computing Meets Game Theory: Robust Mechanisms for Secret Sharing and
Implementation with Cheap Talk

— Technion (January, 2010)

— Champery Spring School, Champery, Switzerland (Feb., 2010)

• Knowledge and common knowledge in multi-agent systems

— Fulbright Distinguished Lecture, Hebrew University (March, 2010)

• Intransitivity and Vagueness

— Australasian Joint Conference on Artificial Intelligence (December 2012).

• Causality, Responsibility, and Blame

— Conference on Scalable Uncertainty Management (SUM 2011), Dayton, Ohio (Oct.
2011)

— Lisbon Workshop on Causality and Inference, Lisbon, Portugal (May 2012)

• Reasoning about Knowledge of Awareness Revisited

— Workshop on Unawareness: Conceptualization and Modelling, Johns Hopkins,
Baltimore, Maryland (October, 2011)

• Sequential Equilibrium in Games of Imperfect Recall

— Workshop on Extensive Form Games in Honor of Harold Kuhn, Vienna, Austria
(June 2012)

• Robustness and Optimization of Scrip Systems

— CWI, Amsterdam, Netherlands (January, 2011)

— Google Tech Talk, Google, New York City, NY (December 2012)

• Awareness in Games, Awareness in Logic,

cial Intelligence, and Reasoning), Yogyakarta, Indonesia (Oct., 2010).
New discoveries, inventions or patent disclosures

None.

Honors / Awards

(All awards in this reporting period; major awards from earlier periods)

• “Language-based games” selected as one of two top papers from TARK (Conference on
Theoretical Aspects of Reasoning About Knowledge) to be presented at session at IJCAI
2013 on best papers from related conferences.

• “Ambiguous language and differences in beliefs” given the Ray Reiter Best Paper award
at the Thirteenth International Conference on Knowledge Representation and Reasoning,
2012.

• Selected IEEE Fellow, 2012

• Selected Economic Theory Fellow, Society for the Advancement of Economic Theory, 2011

• ACM SIGART Autonomous Agents Research Award, 2011

• Saul Gorn Memorial Lecturer, University of Pennsylvania, 2011.

• Fulbright Distinguished Chair in Natural Sciences and Engineering, Hebrew University,
2009-10

• Kenneth A. Goldman ’71 Excellence in Teaching Award, 2010

• Sackler Lecturer, Tel Aviv University, 2009

• 2009 Edsger Dijkstra Prize in Distributed Computing

• 2008 ACM/AAAI Newell Award

• Selected Fellow of AAAS, November, 2005.

• Selected Fellow of ACM, 2002.

• Awarded 1997 Gödel Prize for outstanding paper in the area of theoretical computer
science for “Knowledge and common knowledge in a distributed environment”.

• Fellow of the American Association of Artificial Intelligence, 1993.